Microsoft issues report on what caused the huge Crowdstrike crash

On July 19 the American cybersecurity company CrowdStrike put out a faulty update that shut down IT infrastructure and caused… Continue reading Microsoft issues report on what caused the huge Crowdstrike crash

The post Microsoft issues report on what caused the huge Crowdstrike crash appeared first on ReadWrite.

On July 19 the American cybersecurity company CrowdStrike put out a faulty update that shut down IT infrastructure and caused widespread outages across the world, mainly seen through the cancellation of flights but also felt in other industries.

It’s believed to be the largest technology outage in IT history; Microsoft has reported that around 8.5 million Microsoft Windows devices were impacted. Hospitals and other businesses were unable to carry out normal functions as the infamous “blue screen of death,” usually just an annoyance for personal computing users, brought an alarming number of critical services to a full stop.

Since the update failure, both Microsoft and Crowdstrike have been working to understand the issue and help those who have been affected. Microsoft published a technical analysis of the outage on Saturday (July 27), the same day that CrowdStrike published its Preliminary Post Incident Review on Saturday (27 July).

Microsoft confirms CrowdStrike outage reason following analysis

In CrowdStrike’s analysis, they say the issue came down to a memory safety issue which was a read out-of-bounds access violation in the CSagent driver. This is a module designed to detect activity that looks suspicious.

Microsoft has corroborated this and explains how its Kernel Debugger and other free-to-use extensions were used to find the memory safety issue to be the root cause.

The technology giant’s analysis included the team restoring the stack frame at the time of the access violation to learn more about its origin. However, due to only being able to see a compressed version, they were unable to disassemble backwards to see the larger set of instructions before the crash.

After explaining how they confirmed CrowdStrike’s analysis to be correct, they explained how the cybersecurity company loads four driver manuals in its kernel driver architecture.

They say this is commonplace due to the system-wide visibility it can present, along with potential performance benefits and the tamper resistance factor.

CrowdStrike has taken full responsibility for the outage and its chief executive has apologized for its malfunctioning software update.

Featured Image: Via Ideogram

The post Microsoft issues report on what caused the huge Crowdstrike crash appeared first on ReadWrite.